🔐 CVE Alert

CVE-2023-6689

HIGH 8.2

Cross-Site Request Forgery in EFACEC BCU 500

CVSS Score: 8.2
EPSS Score: 0.0%
EPSS Percentile: 0th

A successful CSRF attack could force the user to perform state-changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application.

CWE: CWE-352
Vendor: efacec
Product: bcu 500
Published: Dec 19, 2023
Last Updated: Feb 25, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: None
Integrity: Low
Availability: High

Affected Versions

EFACEC / BCU 500
version 4.07

References

cisa.gov: https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-02

Credits

Aarón Flecha Menéndez of S21sec